On Wed, Jan 30, 2002 at 08:18:31PM +1300, Yuri de Groot wrote: > On Wed, 30 Jan 2002, you wrote: > > Just a telnet to port 25 will tell you if a mail server is running. I don't > > advocate running a scan or doing anything unnecessary. Notifying them that > > their computer is infected would be a nice thing to do. > > But by the time you read your log file, that IP number might be allocated > to another user, or temporarily not allocated. Unless they have a fixed IP > which not many home users have (assuming it's a home user). > Then again, if they're infected with Code Red they must have had IIS running > at some stage, but there are plenty of home web servers using a dynamic dns > service. I can't imagine any professional web master still running > an un-patched IIS :-> so I assume it's a home user ...
Yes, and the sort of home user that has an unpatched IIS, and the attitude towards security that leads to this situation, is likely to have many other holes open, so perhaps scanning would be a good idea. Exploiting any found holes could be a great way to switch someone from windows to linux too. Kurt
